Keepalived + Nginx 实现高可用 Web 负载均衡

一.nginx安装配置
安装包下载：
链接：https://pan.baidu.com/s/16sCOpQfS4Px6Bl0XL2gY8Q
提取码：r18k

1. 确认环境
   (1)gcc、gcc-c++安装
   查看系统是否安装了gcc和gcc-c++：rpm -q gcc rpm -q gcc-c++ rpm -q make
   
   如果未安装如下
   
   需要安装挂载yum安装如下安装方式：
   yum install gcc-c++
   无网络安装本地yum

1. redhat本地yum云安装方法

1. 上传系统对应版本的ios文件到系统到 /root根目录下
2. 创建文件夹：/media/cdrom/
   mkdir /media/cdrom/
3. 修改yum配置文件(文件位置：/etc/yum.repos.d)
   cd /etc/yum.repos.d
   mkdir bak
   mv . bak/
   cd bak/
   cp rhel-source.repo …/
   cd …/
   vi rhel-source.repo
   
   (file:///media/cdrom)
   mount -t iso9660 -o loop /root/rhel-server-6.8-x86_64-dvd.iso /media/cdrom/
   验证: yum list

2. centos本地yum云安装方法
   1上传系统对应版本的ios文件到系统到 /root根目录下
   2创建文件夹：/media/cdrom/
   mkdir /media/cdrom/
   3.修改yum配置文件(文件位置：/etc/yum.repos.d)
   cd /etc/yum.repos.d
   mkdir bak
   mv . bak/
   cd bak/
   mv CentOS-Media.repo …/
   cd …/
   vi CentOS-Media.repo
   

4. [root@localhost /]# yum list 　　#装挂载（/root/CentOS-7-x86_64-DVD-1708.iso系统上传文件的路径）
   mount -t iso9660 -o loop /root/CentOS-7-x86_64-DVD-1708.iso /media/cdrom/
   提示：mount: 写保护，将以只读方式挂载
   
5. 查看挂着是否成功：如下成功（/dev/loop0）df -h

3)如果没有 gcc 环境，则需要安装
yum install gcc-c++

2. Ngnix安装
   (1)上传部署包到安装（/apps 文件夹下没有文件夹创建）
   mkdir /apps/
   

解压四个 tar 包：ls | xargs -i tar -xf {}

删除已解压的安装包：rm -rf *.tar.gz

(2) Ngnix配置
cd /apps/nginx-1.14.1
自定义配置:方式1
./configure
–sbin-path=/usr/local/nginx/nginx
–conf-path=/usr/local/nginx/nginx.conf
–pid-path=/usr/local/nginx/nginx.pid
–with-http_ssl_module
–with-http_v2_module
–with-http_stub_status_module
–with-pcre=/apps/pcre-8.42
–with-zlib=/apps/zlib-1.2.11
–with-openssl=/apps/openssl-1.1.1a
注意：也就是部署包的路径
–with-pcre=/apps/pcre-8.42指的是pcre-8.34 的源码路径

自定义配置:方式2
./configure
–sbin-path=/usr/local/nginx/nginx
–conf-path=/usr/local/nginx/nginx.conf
–pid-path=/usr/local/nginx/nginx.pid
–with-http_ssl_module
–with-http_v2_module
–with-http_realip_module
–with-http_stub_status_module
–with-pcre=/apps/pcre-8.42
–with-zlib=/apps/zlib-1.2.11
–with-openssl=/apps/openssl-1.1.1a

方式3：支持mysql负载均衡：–with-stream
./configure
–sbin-path=/usr/local/nginx/nginx
–conf-path=/usr/local/nginx/nginx.conf
–pid-path=/usr/local/nginx/nginx.pid
–with-http_ssl_module
–with-http_v2_module
–with-http_realip_module
–with-stream
–with-http_stub_status_module
–with-pcre=/apps/pcre-8.42
–with-zlib=/apps/zlib-1.2.11
–with-openssl=/apps/openssl-1.1.1a
(3) 编译安装
cd /apps/nginx-1.14.1
编译：make
安装：make install
查找安装路径：
whereis nginx

注意：configure: error: Invalid C++ compiler or C++ compiler flags错误

yum install -y gcc gcc-c++
(4)启动、停止nginx
确保系统的 80 端口没被其他程序占用：
netstat -lnp |grep 80 或者netstat -ano|grep 80
/usr/local/nginx/nginx 启动

/usr/local/nginx/nginx -s stop
/usr/local/nginx/nginx -s quit
/usr/local/nginx/nginx -s reload

或者
cd /usr/local/nginx
./nginx
./nginx -s stop
./nginx -s quit
./nginx -s reload
./nginx -s quit:此方式停止步骤是待nginx进程处理任务完毕进行停止。
./nginx -s stop:此方式相当于先查出nginx进程id再使用kill命令强制杀掉进程。

查询nginx进程：
ps aux|grep nginx

注意：
/usr/local/nginx/nginx -s quit
/usr/local/nginx/nginx -s reload
/usr/local/nginx/nginx -s stop
命令报错：如下

原因如下：

1. ngnix没启动
2. 其他解决方式
   /usr/local/nginx/nginx -c /usr/local/nginx/nginx.conf

(5) 重启 nginx
1.先停止再启动（推荐）：
对 nginx 进行重启相当于先停止再启动，即先执行停止命令再执行启动命令。如下：
cd /usr/local/nginx
./nginx -s quit
./nginx
或者：/usr/local/nginx/nginx -s quit

2.重新加载配置文件：
当 ngin x的配置文件 nginx.conf 修改后，要想让配置生效需要重启 nginx，使用-s reload不用先停止 ngin x再启动 nginx 即可将配置信息在 nginx 中生效，如下：
cd /usr/local/nginx
./nginx -s reload
或者：/usr/local/nginx/nginx -s reload
启动成功后，在浏览器可以看到这样的页面：

或者：/usr/local/nginx/nginx –t

注意：
如果访问不了停止防火墙
二、ngnix web配置
192.168.153.166服务器：

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;
    client_max_body_size 50M;
    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
    upstream 192.168.153.166{
	server 192.168.153.165:18081 weight=1;
	server 192.168.153.166:18081 weight=1;
    }	
    server {
        listen       18088;
        server_name  192.168.153.166;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            #root   html;
            #index  index.html index.htm;
	    proxy_pass   http://192.168.153.166;
            proxy_set_header  Host $host;
            proxy_set_header   X-real-ip $remote_addr;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

192.168.153.165服务器：

#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;
    client_max_body_size 50M;
    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
    upstream 192.168.153.165{
	server 192.168.153.165:18081 weight=1;
	server 192.168.153.166:18081 weight=1;
    }	
    server {
        listen       18088;
        server_name  192.168.153.166;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            #root   html;
            #index  index.html index.htm;
	    proxy_pass   http://192.168.153.165;
            proxy_set_header  Host $host;
            proxy_set_header   X-real-ip $remote_addr;
            proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

三、keepalived安装
keepalived两个功能，一个是使lvs使用的vip高可用，一个是监控下游各个子节点的对应端口是否正常工作，以保证快速剔除坏掉的节点。
1.1下载
https://www.keepalived.org/download.html

或者下面连接下载：
链接：https://pan.baidu.com/s/1ONAXBVxoOKdsM8HIJp2Spg
提取码：b3k7
1.2 keepalived安装—Lunix

1. 安装依赖
   yum install -y gcc gcc-c++ openssl-devel
   2.创建文件夹并上传到apps路径下
   mkdir /apps
   mkdir -p /etc/keepalived
   3.解压缩
   tar -zvxf keepalived-2.0.16.tar.gz
2. 进入解压后的目录中，执行以下命令：
   cd keepalived-2.0.16/
   ./configure --prefix=/usr/local/keepalived && make && make install
   cp /usr/local/keepalived/sbin/keepalived /usr/sbin/
   cp /usr/local/keepalived/etc/keepalived/keepalived.conf /etc/keepalived/keepalived.conf
   cp /usr/local/keepalived/etc/sysconfig/keepalived /etc/sysconfig/
   cp keepalived/etc/init.d/keepalived /etc/init.d/
   chmod 755 /etc/init.d/keepalived
   
   、编辑keepalived.service
   vim /lib/systemd/system/keepalived.service

将所有的字符串 “/usr/local/keepalived” 替换为空白，vi编辑器命令:%s//usr/local/keepalived//g

1.3centos7对keepalived操作的基本命令

#查找keepalived 命令
find / -name keepalived
#设置开机自动启动
systemctl enable keepalived
#重新加载
systemctl daemon-reload
#取消开机自动启动
systemctl disable keepalived
#启动
systemctl start keepalived
#停止
systemctl stop keepalived
pkill keepalived
#重启
systemctl restart keepalived
#查看状态及进程
systemctl status keepalived
ps -ef|grep keepalived
#修改配置文件
vim /etc/keepalived/keepalived.conf
#查看日志
tail -f /var/log/messages

四、keepalived 配置
192.168.153.165服务器：

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   #smtp_server 192.168.200.1
   #smtp_connect_timeout 30  
   router_id MYSQL_HA      #标识，双主相同
}

vrrp_script chk_nginx  {
   script "/etc/keepalived/check_nginx.sh"
   interval 2  #检测时间间隔
   weight -5  #如果条件成立，权重-5
   fall 3
   rise 2
}


vrrp_instance VI_1 {
    state BACKUP                //这里 和master不一样的名字
    interface ens33    //网卡和当前机器一致，否则无法启动keepalived服务
    virtual_router_id 51        //和主机器 保持一致
    priority 100            //权重，要比主机器小的数值
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {  //vip      
        192.168.153.188/24      brd 192.168.153.255      dev ens33 label ens33:vip        
    }
    track_script {
        chk_nginx
    }
}

192.168.153.166服务器：

! Configuration File for keepalived

global_defs {
   notification_email {
     acassen@firewall.loc
     failover@firewall.loc
     sysadmin@firewall.loc
   }
   notification_email_from Alexandre.Cassen@firewall.loc
   #smtp_server 192.168.200.1
   #smtp_connect_timeout 30  
   router_id MYSQL_HA      #标识，双主相同
}

vrrp_script chk_nginx  {
   script "/etc/keepalived/check_nginx.sh"
   interval 2
   weight -5
   fall 3
   rise 2
}


vrrp_instance VI_1 {
    state BACKUP                //这里 和master不一样的名字
    interface ens33        //网卡和当前机器一致，否则无法启动keepalived服务
    virtual_router_id 51        //和主机器 保持一致
    priority 90            //权重，要比主机器小的数值
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 123456
    }
    virtual_ipaddress {        
        192.168.153.188/24      brd 192.168.153.255      dev ens33 label ens33:vip        
    }
    track_script {
        chk_nginx
    }
}

五、编写 Nginx 状态检测脚本

#!/bin/bash
d=`date --date today +%Y%m%d_%H:%M:%S`
#计算nginx进程数量
n=`ps -C nginx --no-heading|wc -l`
#如果进程为0，则启动nginx，并且再次检测nginx进程数量，
#如果还为0，说明nginx无法启动，此时需要关闭keepalived
if [ $n -eq "0" ]; then
        cd  /usr/local/nginx/  #ngnix 安装路径
        /usr/local/nginx/nginx   #ngnix启动脚本
        n2=`ps -C nginx --no-heading|wc -l`
        if [ $n2 -eq "0"  ]; then
                echo "$d nginx down,keepalived will stop" >> /var/log/check_ng.log
                systemctl stop keepalived
        fi
fi